Cryptolocker encrypts files on the compromised computer and demands a ransom to provide the decryption key needed to decrypt the files.
F-Secure detects Cryptolocker malware using a variety of generic detections. Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting or renaming it.
Like most ransomware, though the malware itself can be removed, the encryption used to take the files hostage is sufficient to make it very difficult to decrypt the files without the necessary decryption key.
In such circumstances, the recommended course of action is to report the crime to the relevant authorities and restore the affected data from a backup.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Cryptolocker is ransomware that is spread by both malicious file attachments to email messages and via the Gameover Zeus botnet. When Cryptolocker is run, it encrypts files on the compromised machine and displays a message informing the user that a decryption key must be purchased in order to recover access to the files held at ransom.
For more information, see:
If you believe you have encountered an undetected Cryptolocker sample, please send it to us for analysis via our Submit A Sample (SAS) page.
Update: 10 February, 2015: Details of the CTB-Locker ransomware which were originally posted in this description have now been moved to a separate description, Trojan:W32/CTB-Locker, to minimize confusion between these two ransomware families.
Date Created: -
Date Last Modified: -